January 18, 2019

“Collection 1” data dump exposes 773 million email addresses and 21 million passwords

What’s been going on?

Yes, you read that right.  This monster breach has exposed an unprecedented number of email addresses and passwords, which were posted on a hacking forum.

This huge data dump was identified by security researcher Troy Hunt, after he received a tip from one of his contacts.  Hunt found the “data was being socialised” on a popular hacking forum.  The data has now been included in Hunt’s extremely useful Have I Been Pwned site (a favourite among security fans), so you can check very quickly whether you have been affected.

The Collection #1 breach is composed of “a set of email addresses and passwords totalling 2,692,818,238 rows,” Hunt explained in his blog post, detailing that the total number of unique combinations of emails and passwords is more than 1.16 billion.

Troy commented, “This also includes some junk because hackers being hackers, they don’t always neatly format their data dumps into an easily consumable fashion”.

The data includes “dehashed” passwords that Hunt explained had “been cracked and converted back to plain text,” confirming that he found his own information – exposing old passwords – within the data-set.

And the chances are that your credentials might be compromised too.

So, what should I do about it?

Check out Have I Been Pwned

Firstly, we’d recommend checking out Have I Been Pwned.  It’s a great tool to help you see if your email address(es) has been involved in a data breach.  It can also be used to check passwords that might have been involved (although not together, obviously, because that’s the sort of behaviour that got us in this mess in the first place!).

Sign up for notifications

It’s simple, it’s free.  Simply sign up to be notified in the event that your details are involved in a data breach that’s found on the internet.

Don’t reuse passwords

I know we bang the drum about this one a lot, but it’s so important.  This latest mega data dump is just another reason – after all, it looks to be an amalgamation of different breached data, so we can’t pinpoint which user details affect which site.  Using different passwords for different sites means that if one gets breached, everything else remains safe and you can sleep a little easier.

Adopt a password manager

Better yet, think about implementing a password manager.  There’s a whole host of very good password managers available now.  They help to store all of your passwords safely, ensuring you can use different passwords for every single account… without the need to remember them! They’re also great at creating really strong passwords for new accounts, right from the off, as well as providing handy audits on your current passwords too.

Win, win.


Don’t be too alarmed by this latest data dump, but do take it as an opportunity to review what you’re doing with your passwords – and how, by just following a few of the simple tips above, you could improve your personal security no end.
